Microsoft & Ivanti Patch Multiple Critical and Actively Exploited Flaws
Microsoft issued patches to fix 79 vulnerabilities on September 2024 Patch Tuesday, including 3 actively exploited vulnerabilities and one that Microsoft considers to be exploited. This month’s updates include fixes for 7 critical flaws, 71 important flaws, and 1 moderate-severity flaw.
The actively exploited vulnerabilities affect Windows and Microsoft Publisher.
CVE-2024-38014 – Windows Installer, Elevation of Privilege – CVSS 7.8
An actively exploited flaw that allows a threat actor to gain SYSTEM privileges on Windows systems.
CVE-2024-38226 – Microsoft Publisher, Security Feature Bypass – CVSS 7.3
A flaw allowing an attacker to bypass a security feature that protects against macros embedded in downloaded documents.
CVE-2024-38217 – Windows Mark of the Web, Security Feature Bypass – CVSS 5.4
The vulnerability allows an attacker to open specially crafted malicious LNK files and bypass Smart App Control and Mark of the Web security warnings and is thought to have been exploited since 2018.
CVE-2024-43491 – Windows Update, Remote Code Execution – CVSS 9.8
Microsoft has not detected any exploitation of this flaw, and the Windows product team is unaware of any previous exploitation, although it is treating it as exploited.
“Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015),” explained Microsoft. “This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 — KB5035858 (OS Build 10240.20526) or other updates released until August 2024.” The issue can be resolved by installing the September 2024 Servicing Stack Update (SSU KB5043936) and then the September 2024 Windows security update (KB5043083), in that order.
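Because the remediation for CVE-2024-43491 only applies to Windows 10 version 1507 and requires two specific updates, a defender will want a quick way to confirm that affected hosts actually received both. The following PowerShell check is an added example written for this page; it is not code from the article, Microsoft or Ivanti. The KB numbers and the 10240.20526 build come from the article; the use of build number 10240 to identify version 1507 and the function name are assumptions of this example.

```powershell
# Added example: verify that a Windows 10 version 1507 host has the September 2024
# Servicing Stack Update (KB5043936) and security update (KB5043083) installed.
# KB numbers are from the article; build 10240 == version 1507 is an assumption.
function Test-September2024Remediation {
    $RequiredUpdates = @('KB5043936', 'KB5043083')   # SSU first, then the security update

    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

    # The rollback only concerns version 1507 (OS build 10240); other builds are out of scope.
    if ([int]$os.BuildNumber -ne 10240) {
        return [PSCustomObject]@{
            Host      = $env:COMPUTERNAME
            Build     = "$($os.BuildNumber).$ubr"
            Applies   = $false
            Missing   = @()
            Verdict   = 'Not Windows 10 version 1507; CVE-2024-43491 rollback does not apply'
        }
    }

    # Win32_QuickFixEngineering (Get-HotFix) lists CBS-installed updates by KB id.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $missing   = @($RequiredUpdates | Where-Object { $_ -notin $installed })

    $verdict = if ($missing.Count -gt 0) {
        # Hosts at 10240.20526 (March 2024) or later without the September pair are exposed.
        "Exposed: install SSU KB5043936 first, then KB5043083 (order matters)"
    } else {
        'Both September 2024 updates present'
    }

    [PSCustomObject]@{
        Host    = $env:COMPUTERNAME
        Build   = "$($os.BuildNumber).$ubr"
        Applies = $true
        Missing = $missing
        Verdict = $verdict
    }
}

Test-September2024Remediation | Format-List
```

Run it in an elevated session on each LTSB/IoT 2015 host, or wrap the call in `Invoke-Command` for a fleet. One caveat: `Get-HotFix` reads `Win32_QuickFixEngineering`, which does not record every update type, so treat a reported "missing" SSU as a prompt to confirm via Settings > Update history or `DISM /Online /Get-Packages` rather than as a definitive result.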
Ivanti Releases Patches for Several Critical Endpoint Manager Flaws
Ivanti has fixed several critical and high-severity flaws in its Endpoint Manager (EPM) software, including one maximum-severity flaw. The endpoint management software is used by IT professionals to manage and secure endpoints, including desktops, laptops, servers, and mobile devices running various operating systems.
The maximum-severity vulnerability is tracked as CVE-2024-29847 and is due to a deserialization flaw in the agent portal. Successful exploitation would allow a remote attacker to execute code on the core server. Ivanti has also patched 9 other critical flaws, each with a CVSS score of 9.1 (CVE-2024-32840, CVE-2024-32842, CVE-2024-32843, CVE-2024-32845, CVE-2024-32846, CVE-2024-32848, CVE-2024-34779, CVE-2024-34783, and CVE-2024-34785), two high-severity flaws with CVSS scores of 8.2 and 7.8 (CVE-2024-37397 and CVE-2024-8191), and four medium-severity flaws with CVSS scores ranging from 4.3 to 6.7.
None of the vulnerabilities are thought to have been exploited in attacks at the time of patch release; however, hackers have extensively targeted Ivanti flaws in the past, so prompt patching is strongly recommended. The vulnerabilities affect EPM versions 2024 and 2022 SU5 and earlier. They have been corrected in the Ivanti EPM 2024 hot patches (both the July and September hot patches must be applied), 2024 SU1 (to be released), and Ivanti EPM 2022 Service Update 6 (SU6).